How Porn Sites Are Spying And Selling Your Private Data

Porn sites have joined other known data-mining companies and new research has revealed that 93% of 22,484 adult websites that were analyzed were leaking users data to online advertisers and web analytics providers.

According to the research, the list of companies that sell users data, browsing habits and sexual preferences includes Google, Oracle, Facebook, Cloudflare, and advertisers who are only active in the adult industry.

The research team selected the sites they used for their analysis by scanning the Alexa Top 1 Million list for sites that used the term “porn” in their title or metadata. They identified 22,484 websites, and then analyzed their source code, and looked for the presence of a privacy policy. Inside privacy policies, researchers looked for wording that may indicate if the website is sharing user data with third parties, confirming their source code scans.

“We successfully extracted privacy policies for 3,856 sites, 17% of the total,” said the research team, consisting of Elena Maris from Microsoft, Timothy Libert from Carnegie Melon University, and Jennifer Henrichsen from the University of Pennsylvania.

“Policies have an average word count of 1,750 and take seven minutes to read. The policies were written such that one might need a two-year college education to understand them.” The researchers said.

According to the researchers, only 11% of third-parties that were seen tracking users on an adult web page were also listed in a site’s privacy policy, indicating that a lot of users are being tracked and their data stored without disclosure to users.

In a nutshell, some porn sites, which are less than 2%, set up a privacy policy but majority of the porn streaming sites deployed various trackers in the site’s source code and used tech that was silently collecting data about users’ behavior.

Per the research team, Google-related scripts were found on 74% of the 22,484 adult sites, followed by exoClick (40%), Oracle (24%), JuicyAds (11%), and Facebook (10%).

“Our results indicate tracking is endemic on pornography websites. 93% of pages leak user data to a third-party; the pages that leak data do so to an average of seven domains; 79% have a third-party cookie (often used for tracking); of the pages with cookies, there is an average of nine cookies; and only 17% of sites are encrypted, allowing network adversaries to potentially intercept login and password details.” The research said.

according to further details of the research seen by Kenya Insights, There were way over 230 companies that were data mining porn sites users private information and behaviors with a few known big players who aggregated most of the data.

“Thee majority of non-pornography companies in the top ten are based in the U.S., while the majority of pornography-specific companies are based in Europe. One reason may be differing cultural and commercial norms towards sexual content. In the U.S., many advertising and video hosting platforms forbid ‘adult’ content. Thus, Google refuses to host porn, but has no limits on observing the porn consumption of users, often without their knowledge,” researchers said.

But according to researchers, recording the URL of a page a user accessed on adult sites is normal tracking behavior for any analytics provider, but the structure of which, some adult sites’ URLs would reveal the nature of the material the user was viewing caused problems.

Porn sites have set users private date open such that any third-party observer analyzing these URLs would learn the sexual preferences or viewing habits that users would most likely want to be kept private, and not associated with advertising profiles. Researchers said that almost 45% of adult sites used URL structures that exposed users’ sexual preferences.

I don’t think that porn users data will be safe even if they invest into an ad blocker or any similar technology that ensures the user’s privacy while navigating the web, especially if they want to keep their porn viewing habits private. If the sites still fetch your data in incognito browsing mode then nothing will stop them from fishing and selling your data even if you leave your browser’s local history clean.